ensp - 双核心网络搭建（简化） - 项目二

单个二层交换机

二层交换机LSW2-1：
[LSW2-1]vlan batch 10 20
[LSW2-1]stp region-configuration
[LSW2-1-mst-region]region-name text
[LSW2-1-mst-region]instance 1 vlan 10
[LSW2-1-mst-region]instance 2 vlan 20
[LSW2-1-mst-region]active region-configuration
[LSW2-1]inter e0/0/1
[LSW2-1-Ethernet0/0/1]port link-type access //access模式
[LSW2-1-Ethernet0/0/1]port default vlan 10 //加到vlan10

[LSW2-1]inter e0/0/2
[LSW2-1-Ethernet0/0/2]port link-type trunk //trunk模式
[LSW2-1-Ethernet0/0/2]port trunk allow-pass vlan all //允许所有vlan通过

[LSW2-1]inter e0/0/3
[LSW2-1-Ethernet0/0/3]port link-type trunk
[LSW2-1-Ethernet0/0/3]port trunk allow-pass vlan all

[LSW2-2]inter e0/0/4
[LSW2-2-Ethernet0/0/1]port link-type access //access模式
[LSW2-2-Ethernet0/0/1]port default vlan 20 //加到vlan20

三层交换机LSW3-1：
[LSW3-1]vlan batch 10 20 30
[LSW3-1-Vlanif10]dhcp enable
[LSW3-1]stp instance 1 root primary
[LSW3-1]stp instance 2 root secondary
[LSW3-1]stp region-configuration
[LSW3-1-mst-region]region-name text
[LSW3-1-mst-region]instance 1 vlan 10
[LSW3-1-mst-region]instance 2 vlan 20
[LSW3-1-mst-region]active region-configuration

[LSW3-1]inter vlan 10
[LSW3-1-Vlanif10]ip add 192.168.10.252 24
[LSW3-1-Vlanif10]vrrp vrid 10 virtual-ip 192.168.10.254
[LSW3-1-Vlanif10]vrrp vrid 10 priority 150

[LSW3-1]inter vlan 20
[LSW3-1-Vlanif20]ip add 192.168.20.252 24
[LSW3-1-Vlanif20]vrrp vrid 20 virtual-ip 192.168.20.254

[LSW3-1]inter vlan 30
[LSW3-1-Vlanif30]ip address 192.168.30.1 24

[LSW3-1]interface Eth-Trunk1

[LSW3-1-Eth-Trunk1]port link-type trunk
[LSW3-1-Eth-Trunk1]port trunk allow-pass vlan all

[LSW3-1]inter g0/0/2
[LSW3-1-GigabitEthernet0/0/2]port link-type trunk
[LSW3-1-GigabitEthernet0/0/2]port trunk allow-pass vlan all

[LSW3-1]inter g0/0/4
[LSW3-1-GigabitEthernet0/0/4]eth-trunk 1

[LSW3-1]inter g0/0/5
[LSW3-1-GigabitEthernet0/0/5]eth-trunk 1

[LSW3-1]inter g0/0/6
[LSW3-1-GigabitEthernet0/0/6]port link-type access
[LSW3-1-GigabitEthernet0/0/6]port default vlan 30

[LSW3-1]ospf 1 router-id 2.2.2.2
[LSW3-1-ospf-1]area 0.0.0.0
[LSW3-1-ospf-1-area-0.0.0.0]network 180.76.76.0 0.0.0.255
[LSW3-1-ospf-1-area-0.0.0.0]network 192.168.10.0 0.0.0.255
[LSW3-1-ospf-1-area-0.0.0.0]network 192.168.20.0 0.0.0.255
[LSW3-1-ospf-1-area-0.0.0.0]network 192.168.30.0 0.0.0.255

[LSW3-1]ip route-static 0.0.0.0 0.0.0.0 192.168.30.2

三层交换机LSW3-2：
[LSW3-2]vlan batch 10 20 40 100
[LSW3-2]dhcp enable
[LSW3-2]stp instance 1 root secondary
[LSW3-2]stp instance 2 root primary
[LSW3-2]stp region-configuration
[LSW3-2-mst-region]region-name text
[LSW3-2-mst-region]instance 1 vlan 10
[LSW3-2-mst-region]instance 2 vlan 20
[LSW3-2-mst-region]active region-configuration

[LSW3-2]inter vlan 10
[LSW3-2-Vlanif10]ip add 192.168.10.253 24
[LSW3-2-Vlanif10]vrrp vrid 10 virtual-ip 192.168.10.254

[LSW3-2]inter vlan 20
[LSW3-2-Vlanif20]ip address 192.168.20.253 24
[LSW3-2-Vlanif20]vrrp vrid 20 virtual-ip 192.168.20.254
[LSW3-2-Vlanif20]vrrp vrid 20 priority 150

[LSW3-2]inter vlan 40
[LSW3-2-Vlanif40]ip address 192.168.40.1 24

[LSW3-2]inter vlan 100
[LSW3-2-Vlanif100]ip add 192.168.100.254 24

[LSW3-2]interface MEth0/0/1
[LSW3-2-MEth0/0/1]interface Eth-Trunk1
[LSW3-2-Eth-Trunk1]port link-type trunk
[LSW3-2-Eth-Trunk1]port trunk allow-pass vlan all

[LSW3-2]inter g 0/0/1
[LSW3-2-GigabitEthernet0/0/1]port link-type access
[LSW3-2-GigabitEthernet0/0/1]port default vlan 100

[LSW3-2]inter g0/0/2
[LSW3-2-GigabitEthernet0/0/2]port link-type trunk
[LSW3-2-GigabitEthernet0/0/2]port trunk allow-pass vlan all

[LSW3-2]inter g0/0/4
[LSW3-2-GigabitEthernet0/0/4]eth-trunk 1

[LSW3-2]inter g0/0/5
[LSW3-2-GigabitEthernet0/0/5]eth-trunk 1

[LSW3-2]inter g0/0/6
[LSW3-2-GigabitEthernet0/0/6]port link-type access
[LSW3-2-GigabitEthernet0/0/6]port default vlan 40

[LSW3-2]ospf 1 router-id 3.3.3.3
[LSW3-2-ospf-1]area 0.0.0.0
[LSW3-2-ospf-1-area-0.0.0.0]network 192.168.10.0 0.0.0.255
[LSW3-2-ospf-1-area-0.0.0.0]network 192.168.20.0 0.0.0.255
[LSW3-2-ospf-1-area-0.0.0.0]network 192.168.30.0 0.0.0.255

[LSW3-2]ip route-static 0.0.0.0 0.0.0.0 192.168.40.2

路由器AR1：
[AR1]acl number 2000
[AR1-acl-basic-2000]rule 5 permit source 192.168.10.0 0.0.0.255
[AR1-acl-basic-2000]rule 10 permit source 192.168.20.0 0.0.0.255
[AR1-acl-basic-2000]rule 15 permit source 192.168.30.0 0.0.0.255
[AR1-acl-basic-2000]rule 20 permit source 10.1.1.0 0.0.0.255

[AR1]nat address-group 1 10.1.1.2 10.1.1.5

[AR1]inter g0/0/0
[AR1-GigabitEthernet0/0/0]ip address 10.1.1.1 24
[AR1-GigabitEthernet0/0/0]nat outbound 2000 address-group 1
[AR1-GigabitEthernet0/0/0]nat static global 10.1.1.7 inside 192.168.100.1

[AR1]interface NULL0
[AR1-NULL0]interface LoopBack0
[AR1-LoopBack0]ip address 1.1.1.1 24

[AR1]ospf 1 router-id 4.4.4.4
[AR1-ospf-1]area 0.0.0.0
[AR1-ospf-1-area-0.0.0.0]network 192.168.40.0 0.0.0.255
[AR1-ospf-1-area-0.0.0.0]network 1.1.1.0 0.0.0.255
[AR1-ospf-1-area-0.0.0.0]network 10.1.1.0 0.0.0.7
[AR1-ospf-1-area-0.0.0.0]network 192.168.30.0 0.0.0.255
[AR1-ospf-1-area-0.0.0.0]network 10.1.1.0 0.0.0.255

[AR1]ip route-static 0.0.0.0 0.0.0.0 10.1.1.6

路由器AR2：
[AR2]inter g0/0/0
[AR2-GigabitEthernet0/0/0]ip address 10.1.1.6 24 //不能是10.1.1.2~10.1.1.5

[AR2]inter g0/0/1
[AR2-GigabitEthernet0/0/1]ip address 10.1.2.1 24

[AR2]ospf 1 router-id 5.5.5.5
[AR2-ospf-1-area-0.0.0.0]network 192.168.40.0 0.0.0.255
[AR2-ospf-1-area-0.0.0.0]network 1.1.1.0 0.0.0.255
[AR2-ospf-1-area-0.0.0.0]network 10.1.1.0 0.0.0.255
[AR2-ospf-1-area-0.0.0.0]network 192.168.30.0 0.0.0.255

测试：

多个二层交换机

在上面的基础下，加一个二层交换机 LSW2-2

应添加的配置如下
LSW2-1：
[LSW2-1]stp region-configuration
[LSW2-1-mst-region]region-name text
[LSW2-1-mst-region]instance 3 vlan 50
[LSW2-1-mst-region]ac region-configuration

（新添）LSW2-2：
[LSW2-2]vlan 50
[LSW2-2-vlan50]quit
[LSW2-2]stp region-configuration
[LSW2-2-mst-region]region-name text
[LSW2-2-mst-region]instance 1 vlan 10
[LSW2-2-mst-region]instance 2 vlan 20
[LSW2-2-mst-region]instance 3 vlan 50
[LSW2-2-mst-region]ac region-configuration

[LSW2-2]inter e0/0/1
[LSW2-2-Ethernet0/0/1]port link-type access
[LSW2-2-Ethernet0/0/1]port default vlan 50

[LSW2-2]inter e0/0/2
[LSW2-2-Ethernet0/0/2]port link-type trunk
[LSW2-2-Ethernet0/0/2]port trunk allow-pass vlan all

[LSW2-2]inter e0/0/3
[LSW2-2-Ethernet0/0/3]port link-type trunk
[LSW2-2-Ethernet0/0/3]port trunk allow-pass vlan all

LSW3-1：
[LSW3-1]vlan 50
[LSW3-1-vlan50]quit

[LSW3-1]stp instance 3 root secondary
[LSW3-1]stp region-configuration
[LSW3-1-mst-region]region-name text
[LSW3-1-mst-region]instance 3 vlan 50
[LSW3-1-mst-region]active region-configuration

[LSW3-1-mst-region]inter vlan 50
[LSW3-1-Vlanif50]ip add 192.168.50.252 24
[LSW3-1-Vlanif50]vrrp vrid 50 virtual-ip 192.168.50.254

[LSW3-1]inter g0/0/3
[LSW3-1-GigabitEthernet0/0/3]port link-type trunk
[LSW3-1-GigabitEthernet0/0/3]port trunk allow-pass vlan all

[LSW3-1]ospf 1 router-id 2.2.2.2
[LSW3-1-ospf-1]area 0.0.0.0
[LSW3-1-ospf-1-area-0.0.0.0]network 192.168.50.0 0.0.0.255

LSW3-2：
[LSW3-2]vlan 50
[LSW3-2-vlan50]quit

[LSW3-2]stp instance 3 root primary
[LSW3-2]stp region-configuration
[LSW3-2-mst-region]region-name text
[LSW3-2-mst-region]instance 3 vlan 50
[LSW3-2-mst-region]active region-configuration

[LSW3-2]inter vlan 50
[LSW3-2-Vlanif50]ip add 192.168.50.253 24
[LSW3-2-Vlanif50]vrrp vrid 50 virtual-ip 192.168.50.254
[LSW3-2-Vlanif50]vrrp vrid 50 priority 150

[LSW3-2]inter g0/0/3
[LSW3-2-GigabitEthernet0/0/3]port link-type trunk
[LSW3-2-GigabitEthernet0/0/3]port trunk allow-pass vlan all

[LSW3-1]ospf 1 router-id 3.3.3.3
[LSW3-1-ospf-1]area 0.0.0.0
[LSW3-1-ospf-1-area-0.0.0.0]network 192.168.50.0 0.0.0.255

AR1：
[AR1]acl number 2000
[AR1-acl-basic-2000]rule 30 permit source 192.168.50.0 0.0.0.255

[AR1]ospf 1 router-id 4.4.4.4
[AR1-ospf-1]area 0.0.0.0
[AR1-ospf-1-area-0.0.0.0]network 192.168.50.0 0.0.0.255

AR2：
[AR2]ospf 1 router-id 5.5.5.5
[AR2-ospf-1]area 0.0.0.0
[AR2-ospf-1-area-0.0.0.0]network 192.168.50.0 0.0.0.255

有个问题挺奇怪的，为什么 vlan20 Ping vlan50 延迟比较大，一开始需要多ping几次才行？